3

I'm trying to get somepython code to decrypt data that was encrypted using the OS X CommonCrypto APIs. There is little to no documentation on the exact options that CommonCrypto uses, so I'm needing some help figuring out what options to set in PyCrypto.

Specifically, my CommonCrypto decryption setup call is:

CCCryptorCreateWithMode(kCCDecrypt, kCCModeCFB, kCCAlgorithmAES128, ccDefaultPadding, NULL, key, keyLength, NULL, 0, 0, 0, &mAESKey);

My primary questions are:

  1. Since there is both a kCCModeCFB and kCCModeCFB8, what is CommonCrypto's definition of CFB mode - what segment size, etc?
  2. What block size is the CommonCrypto AES128 using? 16 or 128?
  3. What is the default padding, and does it even matter in CFB mode?

Currently, the first 4 bytes of data is decrypting successfully with PyCrypto *as long as I set the segment_size to 16*.

Ideas?

Loki
  • 6,205
  • 4
  • 24
  • 36
  • As a note, M2Crypto works perfectly fine decrypting the data, so it *has* to be soe sort of options issue or the like. – Loki Dec 22 '11 at 21:50
  • Recently, I am working on it with same question. Have you find any way or sample code for this problem. – Yi Jiang Jul 16 '13 at 01:47

1 Answers1

2

Without knowing CommonCrypto or PyCrypto, some partial answers:

  • AES (in all three variants) has a block size of 128 bits, which are 16 bytes.

  • CFB (cipher feedback mode) would actually also work without padding (i.e. with a partial last block), since for each block the ciphertext is created as the XOR of plaintext with some keystream block, which only depends on previous blocks. (You still can use any padding you want.)

    If you can experiment with some known data, first have a look at the ciphertext size. If it is not a multiple of a full block (and the same as the plaintext + IV), then it is quite likely no padding.

    Otherwise, decrypt it with noPadding mode, have a look at the result, and compare with the different known padding modes.

    From a glance at the source code, it might be PKCS#5-padding.

  • CFB8 is a variant of CFB which uses only the top 8 bits (= one byte) of each block cipher call output (which takes the previous 128 bits (= 16 bytes) of ciphertext (or IV) as input). This needs 16 times as many block cipher calls, but allows partial sending of a stream without having to worry about block boundaries.

  • There is another definition of CFB which includes a segment size - here the segment size is the number of bits (or bytes) to be used from each cipher output. In this definition, the "plain" CFB would have a segment size of 128 bits (= 16 bytes), CFB8 would have a segment size of 8 bits (one byte).

Paŭlo Ebermann
  • 73,284
  • 20
  • 146
  • 210